diff options
author | Jakub Jelen <jjelen@redhat.com> | 2023-03-01 17:14:00 +0100 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2023-03-07 14:40:33 +0900 |
commit | 654d0dfa04993ebe28c0536d42f4bc6d87c28369 (patch) | |
tree | 37738dd5d61848bc008ea2d84d0be514c2a4aa33 | |
parent | 23a2d1285e35b2eb91bb422609eb1c965c8a9bf6 (diff) | |
download | libgcrypt-654d0dfa04993ebe28c0536d42f4bc6d87c28369.tar.gz |
visibility: Check FIPS operational status for MD+Sign operation.
* src/visibility.c (gcry_pk_hash_sign): Check fips status before
calling the operation itself.
(gcry_pk_hash_verify): Ditto.
--
GnuPG-bug-id: 6396
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r-- | src/visibility.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/visibility.c b/src/visibility.c index 73db3dea..1f17e147 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -1050,6 +1050,11 @@ gcry_error_t gcry_pk_hash_sign (gcry_sexp_t *result, const char *data_tmpl, gcry_sexp_t skey, gcry_md_hd_t hd, gcry_ctx_t ctx) { + if (!fips_is_operational ()) + { + *result = NULL; + return gpg_error (fips_not_operational ()); + } return gpg_error (_gcry_pk_sign_md (result, data_tmpl, hd, skey, ctx)); } @@ -1065,6 +1070,8 @@ gcry_error_t gcry_pk_hash_verify (gcry_sexp_t sigval, const char *data_tmpl, gcry_sexp_t pkey, gcry_md_hd_t hd, gcry_ctx_t ctx) { + if (!fips_is_operational ()) + return gpg_error (fips_not_operational ()); return gpg_error (_gcry_pk_verify_md (sigval, data_tmpl, hd, pkey, ctx)); } |